This post reflects my personal opinion and may not be definitive information. Please use it for reference only, and contact me if you have any questions.


TLS 1.2 support for Microsoft SQL Server

AWS-in 2016. 9. 26. 10:28

https://support.microsoft.com/ko-kr/kb/3135244

   

Known issues

Issue 1

   

SQL Server Management Studio (SSMS), Report Server, and Report Manager don't connect to the database engine after you apply the fix for SQL Server 2008, 2008 R2, 2012, or 2014. Report Server and Report Manager fail and return the following error message:

   

The report server cannot open a connection to the report server database. A connection to the database is required for all requests and processing. (rsReportServerDatabaseUnavailable)

This issue occurs because SSMS, Report Manager, and Reporting Services Configuration Manager use ADO.NET, and ADO.NET support for TLS 1.2 is available only in the .NET Framework 4.6. For earlier versions of the .NET Framework, you have to apply a Windows update so that ADO.NET can support TLS 1.2 communications for the client. The Windows updates that enable TLS 1.2 support in earlier versions of the .NET Framework are listed in the table in the "How to know whether you need this update" section.

   

Issue 2

   

Reporting Services Configuration Manager reports the following error message even after client providers have been updated to a version that supports TLS 1.2:

   

Could not connect to server: A connection was successfully established to the server, but then an error occurred during the pre-login handshake.

   

   

To resolve this problem, manually create the following registry key on the system that hosts the Reporting Services Configuration Manager:

   

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client : "Enabled"=dword:00000001
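The registry change described for Issue 2, as an added PowerShell example (not part of the KB article): it reports the current state of the key before writing anything. The function names `Get-Tls12ClientState` and `Enable-Tls12Client` are hypothetical, and the script assumes an elevated session on the affected host.

```powershell
# Added example, not from the KB article. Run in an elevated session on the
# host that runs Reporting Services Configuration Manager.
$ClientKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'

function Get-Tls12ClientState {
    # Read-only: report whether the key and its values exist.
    $exists = Test-Path -Path $ClientKey
    $props  = if ($exists) { Get-ItemProperty -Path $ClientKey }
    $read   = {
        param($name)
        if ($props -and $props.PSObject.Properties[$name]) { $props.$name } else { $null }
    }
    [pscustomobject]@{
        KeyExists         = $exists
        Enabled           = & $read 'Enabled'
        # DisabledByDefault is a standard SCHANNEL value; the page names only
        # "Enabled", so it is reported here but never modified.
        DisabledByDefault = & $read 'DisabledByDefault'
    }
}

function Enable-Tls12Client {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($ClientKey, 'Set "Enabled" = dword:00000001')) {
        # Guard with Test-Path: New-Item -Force on an existing registry key
        # recreates it and drops the values it already holds.
        if (-not (Test-Path -Path $ClientKey)) {
            New-Item -Path $ClientKey -Force | Out-Null   # also creates missing parent keys
        }
        New-ItemProperty -Path $ClientKey -Name 'Enabled' -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
    Get-Tls12ClientState
}

# Inspect first, then preview the write without applying it.
Get-Tls12ClientState
Enable-Tls12Client -WhatIf
```

Drop `-WhatIf` to apply the change once the preview shows the expected key path.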

Issue 3

   

The encrypted endpoint communication that uses TLS 1.2 fails when you use encrypted communications for Availability Groups or Database Mirroring or Service Broker in SQL Server. An error message that resembles the following is logged in the SQL Error log:

   

Connection handshake failed. An OS call failed: (80090331) 0x80090331(The client and server cannot communicate, because they do not possess a common algorithm.). State 56.

For more information about this issue, see FIX: The encrypted endpoint communication with TLS 1.2 fails when you use SQL Server.

   

Issue 4

   

Various errors occur when you try to install SQL Server 2012 or SQL Server 2014 on a server that has TLS 1.2 enabled.

   

For more information, see FIX: Error when you install SQL Server 2012 or SQL Server 2014 on a server that has TLS 1.2 enabled.

   

Issue 5

   

An encrypted connection with Database Mirroring or Availability Groups does not work when you use a certificate after you disable all other protocols other than TLS 1.2. You may notice one of the following symptoms:

   

Symptom 1:

   

An error message that resembles the following is logged in the SQL Server Error log:

Connection handshake failed. An OS call failed: (80090331) 0x80090331(The client and server cannot communicate, because they do not possess a common algorithm.). State 58.

Symptom 2: 

   

An error message that resembles the following is logged in Windows event log:

Log Name:      System

Source:        Schannel

Date:          <Date Time>

Event ID:      36888

Task Category: None

Level:         Error

Keywords:      

User:          SYSTEM

Computer:      ------------

Description:

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.

   

Log Name:      System

Source:        Schannel

Date:          <Date Time>

Event ID:      36874

Task Category: None

Level:         Error

Keywords:      

User:          SYSTEM

Computer:      -----------

Description:

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

This issue occurs because Availability Groups and Database Mirroring require a certificate that does not use fixed length hash algorithms, such as MD5. Fixed length hashing algorithms are not supported in TLS 1.2. 

   

For more information, see FIX: Communication using MD5 hash algorithm fails if SQL Server uses TLS 1.2.
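To find the Symptom 2 events on a host, the following added PowerShell example (not part of the KB article) pulls Schannel events 36874 and 36888 from the System log and extracts the TLS alert code and SChannel error state from the message text. The function names are hypothetical, and the sample message is constructed from the text quoted above so the parser can be checked offline.

```powershell
# Added example, not from the KB article.
function ConvertTo-SchannelFinding {
    param(
        [Parameter(Mandatory)][int]$Id,
        [Parameter(Mandatory)][string]$Message,
        [datetime]$TimeCreated = (Get-Date)
    )
    # Event 36888 carries the TLS alert number and SChannel state in its text.
    $alert = if ($Message -match 'fatal error code is (\d+)') { [int]$Matches[1] }
    $state = if ($Message -match 'error state is (\d+)')      { [int]$Matches[1] }
    $hint = switch ($Id) {
        36874   { 'No cipher suite in common with the remote client' }
        36888   { if ($alert -eq 40) { 'TLS alert 40 (handshake_failure) sent to the peer' }
                  else { "Fatal TLS alert $alert sent to the peer" } }
        default { 'Not one of the events listed under Symptom 2' }
    }
    [pscustomobject]@{
        TimeCreated   = $TimeCreated
        EventId       = $Id
        TlsAlert      = $alert
        SchannelState = $state
        Hint          = $hint
        # Same pattern as Symptom 2. The events alone do not prove the cause:
        # confirm by checking the endpoint certificate's hash algorithm (MD5).
        ResemblesIssue5Symptom2 = ($Id -eq 36874) -or
            ($Id -eq 36888 -and $alert -eq 40 -and $state -eq 1205)
    }
}

function Get-SchannelHandshakeFailure {
    param([int]$Hours = 24)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Schannel'
        Id           = 36874, 36888
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no findings".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            ConvertTo-SchannelFinding -Id $_.Id -Message $_.Message -TimeCreated $_.TimeCreated
        }
}

# Offline check with constructed input (message text as quoted on this page).
$sample = 'A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.'
ConvertTo-SchannelFinding -Id 36888 -Message $sample
```

Run `Get-SchannelHandshakeFailure -Hours 48` on the replica or mirroring partner that logged the handshake failure and compare the timestamps with the State 58 entries in the SQL Server error log.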

   

Issue 6

   

The following SQL Server database engine versions are affected by the intermittent service termination issue that is reported in Knowledge Base article 3146034. For customers to protect themselves from the service termination issue, we recommend that they install the TLS 1.2 updates for Microsoft SQL Server that are mentioned in this article if their SQL Server version is listed in the following table.

   

   

| SQL Server release | Affected version |
| --- | --- |
| SQL Server 2008 R2 SP3 (x86 and x64) | 10.50.6537.0 |
| SQL Server 2008 R2 SP2 GDR (IA-64 only) | 10.50.4046.0 |
| SQL Server 2008 R2 SP2 (IA-64 only) | 10.50.4343.0 |
| SQL Server 2008 SP4 (x86 and x64) | 10.0.6543.0 |
| SQL Server 2008 SP3 GDR (IA-64 only) | 10.0.5544.0 |
| SQL Server 2008 SP3 (IA-64 only) | 10.0.5894.0 |

Issue 7

   

Database Mail does not work with TLS 1.2. Database Mail fails with the following errors:

Microsoft.SqlServer.Management.SqlIMail.Server.Common.BaseException: 

Mail configuration information could not be read from the database.

.

   

.Unable to start mail session.

For additional information, refer to the section titled "Additional fixes needed for SQL Server to use TLS 1.2" in this article.

   

Source: <https://support.microsoft.com/en-us/kb/3135244>
